Robust System on a chip (SoC) security requires hardware enforced isolation where a non-secure/non-trusted entity cannot access secure resources [Modules, SRAM regions, DDR regions, DMA, IPs, etc.]. These security firewall checks must be comprehensive to ensure any individual SoC resource can be marked selectively secure thereby providing the ability to restrict access to that given resource. The firewall architecture must also have the flexibility to address various security tiers even within a secure world and must support a multi-tier firewall architecture to isolate one secure world from another secure world as well as from non-secure worlds.